An expert on Windows AI: 'Microsoft is going to set us back a decade in cybersecurity'

Microsoft launches its AI PCs this month under the Copilot+ brand. These are computers built around on-device artificial intelligence and must include an NPU, a specialized AI coprocessor, with a performance of at least 40 TOPS so that language models can run locally. Among the functions that AI will handle on these PCs is Recall, which takes screenshots of almost everything the user does on the PC and presents a timeline that makes it easy to see what you were doing, for example, a month earlier.

The implications for privacy are evident, and various experts have described the feature as a 'disaster'. Kevin Beaumont is one of them: after testing the function for a week, he states that with Recall 'Microsoft will deliberately set cybersecurity back a decade and endanger customers by empowering low-level criminals'.

The reason behind this statement is that Recall stores the data it records in a plain-text database, despite Microsoft's promise of a secure and encrypted experience with this feature. This could make it easier for an attacker to use malware to extract the database and its contents.

In a post on his blog, the cybersecurity expert explains that 'every few seconds, screenshots are taken. These are automatically recognized by Azure AI, which runs on your device, and written to a SQLite database in the user's folder. This database file has a record of everything you've seen on your PC in plain text'. That is, the file has no protection of its own: to read its contents, you only have to open it.

Beaumont shared an example of the plain-text database on X and criticized Microsoft for telling the media that a hacker cannot exfiltrate Recall activity remotely. The database is stored locally on the PC in the AppData folder, which in theory is accessible only if you are an administrator on the PC, the most commonly used configuration. According to the expert, the database is accessible even if you are not an administrator.
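The following added example (not code from the article or from Beaumont) shows what 'plain text' means in practice for a SQLite store of OCR'd screen captures and how a defender can audit one: it checks the file header to confirm the database is not encrypted at the file level, then opens it read-only and counts sensitive strings in every text column. The schema, rows and file path are constructed for the demo; the real Recall schema and location are not given on this page.

```python
import os
import re
import sqlite3
import tempfile
from pathlib import Path

# Every unencrypted SQLite file starts with this 16-byte magic string.
# File-level encryption schemes (e.g. SQLCipher) replace the header, so a
# matching header means anyone who can open the file can read the rows.
SQLITE_MAGIC = b"SQLite format 3\x00"

# Constructed patterns for the kind of text that screen OCR would capture.
SENSITIVE = {
    "credit_card": re.compile(r"\b(?:\d[ -]?){13,16}\b"),
    "email": re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"),
    "password_field": re.compile(r"(?i)password\s*[:=]\s*\S+"),
}

def is_plain_sqlite(path: str) -> bool:
    """True if the file is an ordinary, unencrypted SQLite database."""
    with open(path, "rb") as f:
        return f.read(16) == SQLITE_MAGIC

def scan_text_columns(path: str, patterns=SENSITIVE) -> dict:
    """Count pattern hits across every string cell of every table.
    Opened read-only so the audit cannot alter the evidence."""
    con = sqlite3.connect(Path(path).as_uri() + "?mode=ro", uri=True)
    hits = {name: 0 for name in patterns}
    tables = [r[0] for r in con.execute(
        "SELECT name FROM sqlite_master WHERE type='table'")]
    for table in tables:
        for row in con.execute(f'SELECT * FROM "{table}"'):
            for cell in row:
                if isinstance(cell, str):
                    for name, rx in patterns.items():
                        hits[name] += len(rx.findall(cell))
    con.close()
    return hits

def build_sample_db(path: str) -> None:
    """Constructed stand-in for an OCR capture store (schema is hypothetical)."""
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE capture_text (id INTEGER, captured_at TEXT, ocr_text TEXT)")
    con.executemany("INSERT INTO capture_text VALUES (?, ?, ?)", [
        (1, "2024-06-01T09:00:00", "Welcome back, alice@example.com"),
        (2, "2024-06-01T09:00:05", "Card number 4111 1111 1111 1111 Exp 12/29"),
        (3, "2024-06-01T09:00:10", "password: hunter2 remember me"),
    ])
    con.commit()
    con.close()

def demo() -> dict:
    """Build the sample store in a temp dir and audit it as a low-privilege reader would."""
    path = os.path.join(tempfile.mkdtemp(), "sample_ocr.db")
    build_sample_db(path)
    return {"plain_sqlite": is_plain_sqlite(path), "hits": scan_text_columns(path)}
```

Because the volume is already unlocked while the user is logged in, BitLocker does not change the result of this audit; only encryption of the database itself would.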

His concern is that Recall will make it easier for attackers to steal information with malware. Infostealer trojans that steal credentials and information from PCs are already widely distributed. 'Recall allows threat actors to automate scraping (automatically extracting information) from everything you've seen in a matter of seconds,' says Beaumont.

The expert has exfiltrated his own Recall database and uploaded it to GitHub so that anyone can search it for whatever they want. 'I'm deliberately withholding technical details until Microsoft releases the feature because I want to give them time to do something,' he states.

Currently, Microsoft plans to enable Recall by default on Copilot+ PCs, and there is no option to disable it during the setup process unless an option is checked that subsequently opens the Settings panel to do so. Microsoft is reportedly still considering changing the setup process.

The privacy controls offered by Recall allow the user to disable capture of certain URLs and applications. It also does not store any material protected with digital rights management tools, nor does it capture 'certain types of content', including browsing sessions in incognito mode.

'Recall captures are kept on the Copilot+ PCs, on the local hard drive, and are protected through data encryption on your device and (if you have Windows 11 Pro or an enterprise version of Windows 11) BitLocker,' Microsoft explains on its FAQ page.

However, Beaumont notes that disk encryption helps only in certain scenarios. 'When you log on to a PC and run software, things are figured out for you. Encryption at rest only helps if someone comes to your house and physically steals your laptop — that's not what criminal hackers do.'